New NIST/NSA Revelations
	Less than three weeks after the White House announced a 
controversial initiative to secure the nation's electronic 
communications with government-approved cryptography, newly 
released documents raise serious questions about the process that 
gave rise to the administration's proposal.  The documents, 
released by the National Institute of Standards and Technology 
(NIST) in response to a Freedom of Information Act lawsuit, 
suggest that the super-secret National Security Agency (NSA) 
dominates the process of establishing security standards for 
civilian computer systems in contravention of the intent of 
legislation Congress enacted in 1987.
	The released material concerns the development of the  
Digital Signature Standard (DSS), a cryptographic method for 
authenticating the identity of the sender of an electronic 
communication and for authenticating the integrity of the data in 
that communication.  NIST publicly proposed the DSS in August 1991 
and initially made no mention of any NSA role in developing the 
standard, which was intended for use in unclassified, civilian 
communications systems.  NIST finally conceded that NSA had, in 
fact, developed the technology after Computer Professionals for 
Social Responsibility (CPSR) filed suit against the agency for 
withholding relevant documents.  The proposed DSS was widely 
criticized within the computer industry for its perceived weak 
security and inferiority to an existing authentication technology 
known as the RSA algorithm.  Many observers have speculated that 
the RSA technique was disfavored by NSA because it was, in fact, 
more secure than the NSA-proposed algorithm and because the RSA 
technique could also be used to encrypt data very securely.
	The newly-disclosed documents -- released in heavily censored 
form at the insistence of NSA -- suggest that NSA was not merely 
involved in the development process, but dominated it.  NIST and 
NSA worked together on the DSS through an intra-agency Technical 
Working Group (TWG).  The documents suggest that the NIST-NSA 
relationship was contentious, with NSA insisting upon secrecy 
throughout the deliberations.  A NIST report dated January 31, 
1990, states that
     The members of the TWG acknowledged that the efforts 
     expended to date in the determination of a public key 
     algorithm which would be publicly known have not been 
     successful.  It's increasingly evident that it is 
     difficult, if not impossible, to reconcile the concerns 
     and requirements of NSA, NIST and the general public 
     through using this approach.
	The civilian agency's frustration is also apparent in a July 
21, 1990, memo from the NIST members of the TWG to NIST director 
John W. Lyons.  The memo suggests that "national security" 
concerns hampered efforts to develop a standard:
     THE NIST/NSA Technical Working Group (TWG) has held 18 
     meetings over the past 13 months.  A part of every 
     meeting has focused on the NIST intent to develop a 
     Public Key Standard Algorithm Standard.  We are 
     convinced that the TWG process has reached a point where 
     continuing discussions of the public key issue will 
     yield only marginal results.  Simply stated, we believe 
     that over the past 13 months we have explored the 
     technical and national security equity issues to the 
     point where a decision is required on the future 
     direction of digital signature standards.
An October 19, 1990, NIST memo discussing possible patent issues 
surrounding DSS noted that those questions would need to be 
addressed "if we ever get our NSA problem settled."  
	Although much of the material remains classified and withheld 
from disclosure, the "NSA problem" was apparently the intelligence 
agency's demand that perceived "national security" considerations 
take precedence in the development of the DSS.  From the outset, 
NSA cloaked the deliberations in secrecy.  For instance, at the 
March 22, 1990, meeting of the TWG, NSA representatives presented 
NIST with NSA's classified proposal for a DSS algorithm.  NIST's 
report of the meeting notes that
     The second document, classified TOP SECRET CODEWORD, was 
     a position paper which discussed reasons for the 
     selection of the algorithms identified in the first 
     document.  This document is available at NSA for review 
     by properly cleared senior NIST officials.
In other words, NSA presented highly classified material to NIST 
justifying NSA's selection of the proposed algorithm -- an 
algorithm intended to protect and authenticate unclassified 
information in civilian computer systems.  The material was so 
highly classified that "properly cleared senior NIST officials" 
were required to view the material at NSA's facilities.
	These disclosures are disturbing for two reasons.  First, the 
process as revealed in the documents contravenes the intent of 
Congress embodied in the Computer Security Act of 1987.  Through
that legislation, Congress intended to remove NSA from the process 
of developing civilian computer security standards and to place 
that responsibility with NIST, a civilian agency.  Congress 
expressed a particular concern that NSA, a military intelligence 
agency, would improperly limit public access to information in a 
manner incompatible with civilian standard setting.  The House 
Report on the legislation noted that NSA's
     natural tendency to restrict and even deny access to 
     information that it deems important would disqualify 
     that agency from being put in charge of the protection 
     of non-national security information in the view of many 
     officials in the civilian agencies and the private 
While the Computer Security Act contemplated that NSA would 
provide NIST with "technical assistance" in the development of 
civilian standards, the newly released documents demonstrate that 
NSA has crossed that line and dominates the development process.  
	The second reason why this material is significant is because 
of what it reveals about the process that gave rise to the so-
called "Clipper" chip proposed by the administration earlier this 
month.  Once again, NIST was identified as the agency actually 
proposing the new encryption technology, with "technical 
assistance" from NSA.  Once again, the underlying information 
concerning the development process is classified.  DSS was the 
first test of the Computer Security Act's division of labor 
between NIST and NSA.  Clipper comes out of the same 
"collaborative" process.  The newly released documents suggest 
that NSA continues to dominate the government's work on computer 
security and to cloak the process in secrecy, contrary to the 
clear intent of Congress.
	On the day the Clipper initiative was announced, CPSR 
submitted FOIA requests to key agencies -- including NIST and NSA 
-- for information concerning the proposal.  CPSR will pursue 
those requests, as well as the pending litigation concerning NSA 
involvement in the development of the Digital Signature Standard.  
Before any meaningful debate can occur on the direction of 
cryptography policy, essential government information must be made 
public -- as Congress intended when it passed the Computer 
Security Act.  CPSR is committed to that goal. 
David L. Sobel
CPSR Legal Counsel
(202) 544-9240

Return to:

Digital Signature Standard Page

Cryptography Policy Page

EPIC Home Page